Technology related to adaptive temporal resource binding based on speculative pipeline interdependency is disclosed. In one example, a key is generated based on contents of a data item (such as a network packet received via a computer network). The key is used to determine whether another data item associated with the key is in a processing pipeline, of a plurality of processing pipelines. If another data item associated with the key is in one of the processing pipelines, then the data item is sent to that processing pipeline. If no other data item associated with the key is in any of the processing pipelines, the data item is sent based on available capacities of the processing pipelines. Subsequent data items associated with the same key are sent to the same pipeline so long as at least one data item associated with the key is still in the processing pipeline.
Methods, non-transitory computer readable media, network traffic management devices, and network traffic management systems that protect resources that are accessible to a secondary device that is connected to a hotspot hosted by a host device that has an established VPN tunnel with a secure server storing the protected resources are illustrated. With this technology, a connection to a protected resource via a VPN tunnel is established by a host device based on a successful compliance check and the host device also simultaneously operates as a hotspot. The host device intercepts one or more data packets from a secondary device that is connected to the hotspot and in response to determining that the data packets have a TTL value that is less than a default value, the host device executes a security action with respect to the data packets.
Technologies related to preventing access to secure network resources by a virtual machine are disclosed. A client computing device that is connected to a virtual private network (VPN) can automatically disconnect from the VPN when a process associated with a virtual machine is detected on the client computing device. The client computing device can prompt a user to install and execute security policy compliance software on the virtual machine to determine whether it complies with a security policy. If the virtual machine complies with the security policy, the VPN connection can be re-enabled. If the virtual machine is not compliant, the client computing device can prevent the VPN connection from being re-enabled until the virtual machine is stopped or is brought into compliance.
Methods, network traffic management apparatuses, non-transitory computer readable media, and network traffic management systems that control network traffic with a subscriber-aware disaggregator include mapping a network address in a network packet received from a client to one of a plurality of subscribers in a subscriber database. A master network address for the one of the subscribers is identified from the mapped network address, where the subscriber has at least one other network address associated with the one of the subscribers. The network packet is routed to a determined one of a plurality of processing nodes and processing threads based on the master network address for the one of the subscribers.
Methods, non-transitory computer readable media, network traffic manager apparatuses, and systems that optimize routing of a message are disclosed. The method includes obtaining a message comprising a header, wherein the header has a parameter with a value indicating one of a plurality of transmission priorities for the message. Based on the value of the parameter within the header, the method further includes identifying the one of the transmission priorities for the message. Based on the identified transmission priority of the message, the method further includes determining a target network entity for the message. The method further includes transmitting the message to the target network entity.
Methods, non-transitory computer readable media, network traffic manager apparatuses, and systems that assist with selectively routing packets include receiving a domain name system request from a client. The domain name system request can comprise a configuration for registration of an adapter, and then, based on the configuration of the domain name system request, a server to which to send the domain name system request can be determined. The configuration can comprise an adapter type, and the server is determined at least in part based on the adapter type of the configuration. Then the domain name system request can be transmitted to the determined server.
H04L 61/4511 - Network directories; Name-to-address mapping using standardised directory access protocols using domain name system [DNS]
H04L 61/5076 - Update or notification mechanisms, e.g. DynDNS
7.
METHODS FOR GENERATING CLIENT-EXECUTABLE ACTIONS THROUGH TLS PARAMETERS AND DEVICES THEREOF
Methods, non-transitory computer readable media, network traffic manager apparatuses, and systems that assist with generating client-executable actions with TLS parameters include receiving a request from a client for establishing a TLS connection to a server, wherein the request comprises TLS parameters for the TLS connection. An identity of the client is determined based on the TLS parameters in the request, which are unique to the client. A recommended client-executable action is generated based on the TLS parameters. The recommended client-executable action is an adjustment of a characteristic of a system of the client. The recommended client-executable action is transmitted to the client.
Methods, network traffic management devices, non-transitory computer readable media, and network traffic management systems that identify a device user based on a user-related metrics analysis include retrieving, in response to a received request requiring identification of a user at a client, user profile data associated with a user. A user confidence score is calculated based on a determined baseline user profile score for the user based on prior values associated with metrics in categories obtained from the retrieved user profile data and a determined current user profile score for the user based on current values associated with metrics in categories obtained from the retrieved user profile data. The calculated user confidence score is compared against a stored threshold range comprising minimum and maximum threshold scores. An action with respect to the user is executed in response to the request based on the comparison.
Methods, non-transitory computer readable media, network traffic management devices and network traffic management systems for providing subscriber aware network traffic routing in a 5G network are illustrated. With this technology, a segment routing policy is received from a controller. The segment routing policy includes a plurality of subscriber identities, associated service levels and micro service instances. One or more data packets are received from a user device and the subscriber identity associated with the data packets is identified. Based on the subscriber identity and the segment routing policy, a destination micro service instance is identified and the one or more data packets are forwarded to the destination micro service instance.
Methods, non-transitory computer readable media, network traffic manager apparatuses, and systems that assist with generating insights with TLS parameters include receiving a request from a client for establishing a TLS connection to a server. In some examples, the request comprises parameters for the TLS connection. Next, the network traffic manager apparatus determines an identity of the client based on the TLS parameters in the request, which are unique to the client, and executes an action based on the TLS parameters which alters the handling of the request.
Methods, non-transitory computer readable media, network traffic management devices and network traffic management systems that provide protection of 5G core networks are illustrated. With this technology, the user plane status can be received from a network repository function indicating whether a user plane restarted. Then the system can determine whether an amount of error messages flowing from the user plane to a gNodeB for a source exceeds a predetermined threshold. In response to determining the amount of error messages exceeds a predetermined threshold and determining that the user plane was not restarted, all messages flowing to the gNodeB for the source can be blocked. Lastly, in response to determining the amount of echo messages from the user plane to the gNodeB is below a second predetermined threshold and that the user plane did not restart, the source can be stored as a bad actor.
Technology related to resolution of hostnames for webtop resource access is disclosed. In one example, a method includes receiving a request for accessing one or more resources from the webtop associated with the user. Usage pattern data of the user for the webtop is determined. For the requested resource, hostname pre-resolution data is determined based on the usage pattern data and an access policy before a given resource is requested for access. A response for the resource access request is generated based on the determined hostname pre-resolution data and the access policy. The response for the resource access request comprises an address of at least one corresponding backend server for redirecting the user to access the requested resource.
H04L 61/4511 - Network directories; Name-to-address mapping using standardised directory access protocols using domain name system [DNS]
A computing system and related method protect a computer network connection manager's resources from attempted resource attacks by extracting SrcIP and TTL values from received data packet headers. Extracted SrcIP and TTL values are analyzed to determine the probability that a received data packet is malicious. If the probability exceeds a specified threshold, resources are denied, and the packet is dropped. If the specified threshold is not exceeded, resources are allocated to the received data packet. The SrcIP reputation score, TTL value frequency, SrcIP frequency, SrcIP geo-location, and resource occupancy may all be used in computing the probability of a malicious data packet. These factors may be weighted and summed to calculate the probability of a malicious data packet.
A cloud-based operating-system-event and data-access monitoring method includes collecting event information from a monitored cloud-based element. One or more structured event payloads based on the event information are then generated. The structured event payloads are then validated to produce one or more validated event collections. The one or more validated event collections are then serialized and filtered to remove redundant structured event payload data. The filtered validated structured event payloads are then de-serialized to produce a time-sequenced, ordered event stream. The time-sequenced, ordered event stream is de-duplicated to remove duplicate structured event payloads. The time-sequenced, ordered event stream is then processed to generate processed information security results.
Systems and methods for data plane management are disclosed herein. An example method includes deploying a native module that is embedded in a service routing layer of the service mesh, assigning a security policy to the native module from a bootstrapping layer of the service mesh, the security policy enabling the native module to detect patterns in the service mesh data that are indicative of sensitive information, evaluating service mesh data by the native module with the security policy, and transmitting telemetry to a cloud-based command module when the native module has detected patterns in the service mesh data.
H04L 41/16 - Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks using machine learning or artificial intelligence
Systems and methods for data plane management are disclosed herein. An example method includes deploying a WASM that is embedded in a service routing layer of the service mesh, assigning a security policy to the WASM from a bootstrapping layer of the service mesh, the security policy enabling the WASM to detect patterns in the service mesh data that are indicative of sensitive information, evaluating service mesh data by the WASM with the security policy, and transmitting telemetry to a cloud-based command module when the WASM has detected patterns in the service mesh data.
Methods, non-transitory computer readable media, network traffic manager apparatuses, and systems that assist with network packet switching based on packet data include receiving a plurality of network packets. Next, header data and payload data are separated for each of the plurality of received network packets. Next, digest data is created from the separated header data for each of the plurality of network packets. One or more network actions are identified for each of the plurality of network packets based on the corresponding created digest data. The identified one or more network actions are performed on the separated header data and the payload data.
Methods, non-transitory computer readable media, attack mitigation apparatuses, and network security systems that improve network security for web applications are illustrated. With this technology, a web application resource associated with a protected web application is obtained from a server following receipt of a request for the web application resource from a client. A determination is made whether the client is suspicious, and when the determination indicates the client is suspicious, the web application resource is modified by injecting a honeypot into the source code of the resource. The honeypot comprises a conviction trap that can be engaged by the client. The modified web application resource is then sent to the client in a response to the request for the web application resource. Subsequently, the client can be convicted as malicious if it is determined that the honeypot is engaged, thereby providing a more effective and accurate identification of manual attackers.
Methods, non-transitory computer readable media, network traffic manager apparatuses, and systems that assist with allocating a traffic load through a heterogeneous topology of a network include extracting a header of each of a plurality of received packets of a traffic flow. Each of the headers comprises fields. Next, the network traffic manager apparatus executes a hashing function over the fields of each of the headers, applies a load balancing function to determine one of a plurality of endpoints to send each of the received packets to based on one or more endpoint characteristics, and maps the index for each corresponding one of the received packets to the corresponding selected one of the endpoints. The received packets are not evenly divided among the plurality of endpoints. Lastly, the network traffic manager apparatus sends the received packets to the selected endpoint based on the mapping from the load balancing policy.
H04L 47/2441 - Traffic characterised by specific attributes, e.g. priority or QoS relying on flow classification, e.g. using integrated services [IntServ]
20.
SYSTEM AND METHODS FOR FILTERING IN OBLIVIOUS DEPLOYMENTS AND DEVICES THEREOF
Methods, non-transitory computer readable media, network traffic manager apparatuses, and systems that assist with filtering content include receiving a domain name system request from a client. Then, an address from the domain name system request is sent to a policy server. The policy server can retrieve a filter id associated with the client. The method then includes sending the domain name system request with the filter id to an oblivious server. After that, the method includes receiving a response with filtered content based on the domain name system request with the filter id from the oblivious server. The oblivious server can then generate a subscriber content filtering policy configuration based on the filter id and generate the response with the filtered content based on the subscriber content filtering policy configuration. Lastly, the method includes sending the response to the domain name system request with filtered content to the client.
H04L 61/4511 - Network directories; Name-to-address mapping using standardised directory access protocols using domain name system [DNS]
G06F 21/62 - Protecting access to data via a platform, e.g. using keys or access control rules
Methods, non-transitory computer readable media, network traffic manager apparatuses, and systems that assist with detecting a flood attack on a server include receiving, from a source, an echo request with a request id for checking connectivity to a server. Next, the method determines whether the request id of the echo request matches a request id of one of a plurality of malicious received requests within a plurality of prior received requests. The comparison of the request ids is conducted to determine whether the request is a legitimate request. Then, the echo request is transmitted to the server when the comparison fails to identify a match. Lastly, an echo response can be sent to the source after sending the echo request to the server.
Methods, non-transitory computer readable media, network traffic manager apparatuses, and systems that assist with establishing a connection to a server with a certificate include receiving a request for establishing an encrypted connection and obtaining a certificate responsive to the received request. Next, the network traffic manager apparatus generates a content cache key for the obtained certificate. Next, the network traffic manager apparatus retrieves a data structure from the cache using the generated content cache key for the obtained certificate. The retrieved data structure was generated and stored in the cache during a previously established encrypted connection. The data structure comprises data extracted from a previous certificate. Then, the network traffic manager apparatus initiates cryptographic operations using the retrieved data structure from the cache.
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
25.
METHODS FOR MANAGING HARDWARE SECURITY SERVERS AND DEVICES THEREOF
Methods, non-transitory computer readable media, network traffic manager apparatuses, and systems that assist with managing hardware security servers include receiving a request from a client. The request can comprise a unique numerical handle and a command for a hardware security server. The unique numerical handle can be generated as a response to a previous request from the client. The method can further include searching in memory for a key handle mapped to the unique numerical handle and the hardware security server. The method can also include sending the request to the hardware security server with the key handle when the key handle is retrieved from memory during the search, and sending a response received from the hardware security server to the client. The response can be received as a result of sending the request to the hardware security server.
Methods, non-transitory computer readable media, network traffic manager apparatuses, and systems that assist with migrating keys between a first hardware security system and a second hardware security system include receiving an encrypted symmetric key from the first hardware security system. The symmetric key generated by the first hardware security system is encrypted using a public key generated by the second hardware security system. The generated public key is sent to the first hardware security system prior to encrypting the symmetric key. The received encrypted symmetric key is sent to the second hardware security system. An encrypted original key from the first hardware security system is received upon sending the encrypted symmetric key to the second hardware security system. The original key is encrypted using the symmetric key. The migration is completed when the second hardware security system decrypts the sent encrypted original key using the sent encrypted symmetric key.
G06F 21/72 - Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in cryptographic circuits
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
Methods, non-transitory computer readable media, network traffic manager apparatuses, and systems that assist with optimizing selection from hardware security servers include receiving data from candidate hardware security servers after sending an operation status request or a capability query to the candidate hardware security servers. The hardware security server requirements can comprise one or more server operation rules. Compliance scores are then generated for the candidate hardware security servers based on the hardware security server requirements, built-in hardware security server requirements, and the received data from the candidate hardware security servers. The method can then include generating a rank for the candidate hardware security servers based on their compliance scores and providing a hardware security server recommendation for one of the candidate hardware security servers to the client based on the generated rank of the candidate hardware security servers with compliance scores above a predetermined threshold.
A method, non-transitory computer readable medium, and device that assist with improving web scanner accuracy include receiving a sitemap document associated with a webpage from an application security manager apparatus. The received sitemap document associated with the webpage is scanned. Next, one or more vulnerabilities are identified in the scanned sitemap associated with the webpage. A report including the identified one or more vulnerabilities is provided.
Methods, non-transitory computer readable media, network traffic manager apparatuses, and systems include receiving a plurality of network packets. Metadata comprising state information for the received plurality of network packets is generated. The generated metadata is inserted into the received plurality of network packets or a cloned version of the plurality of network packets. A network diagnostic operation is performed on the received plurality of network packets based on the metadata inserted into the received plurality of network packets or the cloned version of the plurality of network packets.
35.
APPARATUS AND METHODS FOR RADIO ACCESS NETWORK OPTIMIZATION BY EXTENDING NEAR-RT AND NON-RT RIC FUNCTIONALITY FOR O-CLOUD OPTIMIZATION AND MANAGEMENT
Technology related to near-realtime O-Cloud optimization requirements by extending O-Cloud Near-RT and Non-RT functionality is disclosed. In one example, a method includes receiving, via an interface between the O-Cloud orchestrator and the near-realtime RAN intelligent controller, policies related to O-Cloud workload optimization. It further includes determining that one or more policy scenarios have occurred. The method then includes transmitting, from the near-realtime RAN intelligent controller to the O-Cloud, instructions for one or more corrective actions. The method further includes executing, via one or more XApps on the O-Cloud, one or more corrective actions consistent with the received instructions. Finally, the method includes transmitting, from the one or more XApps on the O-Cloud, confirmation of the execution of the one or more corrective actions.
Methods, non-transitory computer readable media, network traffic management apparatuses, central management devices, and network traffic management systems that control access to configuration data in a distributed system are illustrated. With this technology, a set of configuration data is stored in a first data structure, and a corresponding set of configuration data is stored in a second data structure along with an encrypted digest value that was encrypted using a private key associated with a particular administrator role. The stored configuration data and/or newly received modifications to stored configuration data can be authenticated by comparing a digest value calculated from the configuration data against the stored encrypted digest value, which is decrypted with a stored public key corresponding to the administrator role. Accordingly, configuration data can be securely controlled by authenticating it as valid in accordance with authorized administrator roles prior to being updated or loaded.
G06F 21/62 - Protecting access to data via a platform, e.g. using keys or access control rules
G06F 21/64 - Protecting data integrity, e.g. using checksums, certificates or signatures
37.
APPARATUS AND METHODS FOR RADIO ACCESS NETWORK OPTIMIZATION BY EXTENDING NEAR-RT AND NON-RT RIC FUNCTIONALITY FOR O-CLOUD OPTIMIZATION AND MANAGEMENT AND DEVICES THEREOF
Technology related to near-realtime O-Cloud optimization requirements by extending O-Cloud Near-RT and Non-RT functionality is disclosed. In one example, a method includes receiving, via an interface between the O-Cloud orchestrator and the near-realtime RAN intelligent controller, policies related to O-Cloud workload optimization. It further includes determining that one or more policy scenarios have occurred. The method then includes transmitting, from the near-realtime RAN intelligent controller to the O-Cloud, instructions for one or more corrective actions. The method further includes executing, via one or more XApps on the O-Cloud, one or more corrective actions consistent with the received instructions. Finally, the method includes transmitting, from the one or more XApps on the O-Cloud, confirmation of the execution of the one or more corrective actions.
Methods, non-transitory computer readable media, network traffic manager apparatuses, and systems include receiving a plurality of network packets. Metadata comprising state information for the received plurality of network packets is generated. The generated metadata is inserted into the received plurality of network packets or a cloned version of the plurality of network packets. A network diagnostic operation is performed on the received plurality of network packets based on the metadata inserted into the received plurality of network packets or the cloned version of the plurality of network packets.
G06F 15/16 - Combinations of two or more digital computers each having at least an arithmetic unit, a program unit and a register, e.g. for a simultaneous processing of several programs
H04L 43/062 - Generation of reports related to network traffic
H04L 67/561 - Adding application-functional data or data for application control, e.g. adding metadata
39.
Methods for improving web scanner accuracy and devices thereof
A method, non-transitory computer readable medium, and device that assists with improving web scanner accuracy includes receiving a sitemap document associated with a webpage from an application security manager apparatus. The received sitemap document associated with the webpage is scanned. Next, one or more vulnerabilities are identified in the scanned sitemap associated with the webpage. A report including the identified one or more vulnerabilities is provided.
Methods, non-transitory computer readable media, network traffic manager apparatuses, and systems that assist with providing adaptive authentication for a federated environment include receiving a request to access an application from a client. Next, one of a plurality of web application servers in which the requested application is executing is identified and data associated with the requesting client is obtained. An authentication request comprising an index based on the identified web application server and the obtained client data is generated. The requesting client is authenticated using the generated authentication request including the index.
Technologies related to malicious DNS request detection are disclosed. A DNS server can use a machine learning model to analyze DNS requests and to detect requests that are potentially malicious. The machine learning model can comprise a neural network (such as a convolutional neural network) that is trained using a corpus of known malicious and non-malicious DNS requests. Data included in a DNS request can be provided as input to a machine learning algorithm (such as a neural network algorithm) that uses the input data and the machine learning model to generate a prediction of whether the DNS request is malicious. If the DNS request is determined to likely be malicious, then the request can be blocked (for example by providing a fake address in response to the DNS request). If the DNS request is determined to likely be non-malicious, then the DNS request can be allowed.
Methods, non-transitory computer readable media, network traffic management apparatuses, and network traffic management systems include inspecting a plurality of incoming packets to obtain packet header data for each of the incoming packets. The packet header data is filtered using one or more filtering criteria. At least one of a plurality of optimized DMA behavior mechanisms is selected for each of the incoming packets based on associating the filtered header data for each of the incoming packets with stored profile data. The incoming packets are disaggregated based on the corresponding selected one of the optimized DMA behavior mechanisms.
H04L 47/2441 - Traffic characterised by specific attributes, e.g. priority or QoS relying on flow classification, e.g. using integrated services [IntServ]
A method, non-transitory computer readable medium and device that assists with managing L7 network classification includes receiving a request to access a service by a mobile computing device. Next, application layer network traffic from the requesting mobile computing device is classified based on mobile data associated with the requesting mobile computing device. One or more actions are performed based on the classification.
Technology related to broadcast packet direct memory access (DMA) operations is disclosed. When a network interface controller (NIC) connected to a host computer receives a broadcast packet, it can transmit a request to an agent process running on the host computer for a plurality of destination buffers. In some embodiments, the request to the agent comprises all or part of the packet, or metadata about the packet. In such embodiments, the agent can use the contents of the request to identify services that should receive the packet. Alternatively, the NIC can identify the destination services and can transmit identifiers for the destination services to the agent. The agent can transmit requests for memory buffers to the services and can receive memory location identifiers in response. The agent can transmit the identifiers to the NIC, which can perform multiple DMA operations to write the broadcast packet to the identified memory locations.
A method, non-transitory computer readable medium, and device for analyzing network traffic and enforcing network policies includes analyzing network traffic data based on one or more network traffic rules. An attack on the network such as a current or predicted attack is determined based on the analysis. Next, one or more policy changes to a plurality of existing network policies are identified when the current or predicted attack on the network is determined to be present. The identified one or more policy changes are enforced on one or more client computing devices causing the determined current or the predicted attack on the network.
Technology related to network load balancing using machine learning is disclosed. Potential imbalances in some load balancing scenarios can be addressed by using a machine learning model to generate resource utilization predictions for requests and performing load balancing operations based on the resource utilization predictions. For example, requests can be stored in a plurality of queues based on the resource utilization predictions. The queues of requests can then be processed by a load balancer. For example, the requests in the plurality of queues can be assigned to a plurality of servers independently of one another, wherein requests from one queue are assigned to a plurality of servers without regard for the way that requests from another queue are assigned to the plurality of servers, and vice versa. Thus, in at least some scenarios, imbalances in the processing loads of the plurality of the servers can be avoided.
H04L 67/1008 - Server selection for load balancing based on parameters of servers, e.g. available memory or workload
H04L 67/60 - Scheduling or organising the servicing of application requests, e.g. requests for application data transmissions using the analysis and optimisation of the required network resources
Technology related to resolution of hostname for webtop resource access is disclosed. In one example, a method includes receiving a request for accessing one or more resources from the webtop associated with the user. Usage pattern data of the user for the webtop is determined. For the requested resource, hostname pre-resolution data is determined based on the usage pattern data and an access policy before a given resource is requested for access. A response for the resource access request is generated based on the determined hostname pre-resolution data and the access policy. The response for the resource access request comprises an address of at least one corresponding backend server for redirecting the user to access the requested resource.
G06F 11/34 - Recording or statistical evaluation of computer activity, e.g. of down time, of input/output operation
H04L 41/0253 - Exchanging or transporting network management information using the Internet; Embedding network management web servers in network elements; Web-services-based protocols using browsers or web-pages for accessing management information
H04L 41/046 - Network management architectures or arrangements comprising network management agents or mobile agents therefor
H04L 41/0853 - Retrieval of network configuration; Tracking network configuration history by actively collecting configuration information or by backing up configuration information
G06F 3/0481 - Interaction techniques based on graphical user interfaces [GUI] based on specific properties of the displayed interaction object or a metaphor-based environment, e.g. interaction with desktop elements like windows or icons, or assisted by a cursor's changing behaviour or appearance
G06F 9/451 - Execution arrangements for user interfaces
G06F 16/957 - Browsing optimisation, e.g. caching or content distillation
H04L 41/22 - Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks comprising specially adapted graphical user interfaces [GUI]
H04L 41/50 - Network service management, e.g. ensuring proper service fulfilment according to agreements
48.
ADAPTIVE TEMPORAL RESOURCE BINDING BASED ON SPECULATIVE PIPELINE INTERDEPENDENCY
Technology related to adaptive temporal resource binding based on speculative pipeline interdependency is disclosed. In one example, a key is generated based on contents of a data item (such as a network packet received via a computer network). The key is used to determine whether another data item associated with the key is in a processing pipeline, of a plurality of processing pipelines. If another data item associated with the key is in one of the processing pipelines, then the data item is sent to that processing pipeline. If no other data item associated with the key is in any of the processing pipelines, the data item is sent based on available capacities of the processing pipelines. Subsequent data items associated with the same key are sent to the same pipeline so long as at least one data item associated with the key is still in the processing pipeline.
Technology related to sending data items via network links in a link aggregate group is disclosed. Data items (such as network packets received via a computer network) can be analyzed to determine whether the data items qualify for a relaxed transmission ordering. If a data item does not qualify for relaxed transmission ordering, then a network link in the link aggregate group can be selected based on contents of the data item (such as by generating a signature or key based on headers of the data item and selecting a network link based on the signature or key). However, if the data item does qualify for relaxed transmission ordering, then a network link in the link aggregate group can be selected based on available capacities of the network links (such as by selecting a network link with a largest available capacity).
H04L 69/00 - Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
H04L 45/00 - Routing or path finding of packets in data switching networks
Technology related to sending data items via network links in a link aggregate group is disclosed. Data items (such as network packets received via a computer network) can be analyzed to determine whether the data items qualify for a relaxed transmission ordering. If a data item does not qualify for relaxed transmission ordering, then a network link in the link aggregate group can be selected based on contents of the data item (such as by generating a signature or key based on headers of the data item and selecting a network link based on the signature or key). However, if the data item does qualify for relaxed transmission ordering, then a network link in the link aggregate group can be selected based on available capacities of the network links (such as by selecting a network link with a largest available capacity).
Methods, non-transitory computer readable media, network traffic management apparatuses, and network traffic management systems that identify when a domain name identifier in a received request matches one of a plurality of domain names stored in a whitelist domain name storage. When the identification indicates the received domain name identifier fails to match one of the plurality of domain names stored in the whitelist domain name storage, then a determination is made on whether the received request is a suspicious request. Another storage is updated when the determination indicates the received request is the suspicious request; otherwise the received request is updated as a valid request.
Technology related to application deployment across network devices including smart network interface cards is disclosed. In one example, a method includes distributing an application across a plurality of locally connected computing subdomains. The subdomains can include a mixture of general and special purpose computing subdomains, such as, for example, a main computer and associated smart network interface devices or systems, such as a smart network interface card (NIC). The subdomains can each run hypervisors that are bridged to allow a single virtual machine to operate across the subdomains. The application can include multiple portions. For example, an application can be split by different functionalities. The application portions can be tagged to indicate which subdomain they are to be executed within. If the chosen subdomain has the requisite resources available, the application can be detached and distributed to the chosen subdomain.
Methods, non-transitory computer readable media, network traffic manager apparatuses, and systems that assist with mitigating a DDoS attack using a hardware device include determining when a received network packet in an established connection between a client and a destination server includes a connection identifier cookie. A connection validation cookie is generated based on at least data in the received network packet, when the determination indicates the received network packet includes the connection identifier cookie. The connection identifier cookie is compared against the generated connection validation cookie. The received network packet is dropped when the comparison indicates the connection validation cookie fails to match the connection identifier cookie.
Technology related to multi-device authentication is disclosed. In one example, a method can include receiving a request from a requesting client device to access a secured server. A command can be sent to an authenticating device to capture environmental information in proximity to the authenticating device. The captured environmental information can be used to verify the requesting client device and the authenticating device are near each other. The received request can be forwarded to the secured server in response to verifying the requesting client device and the authenticating device are near each other.
Technology related to managing network traffic with sensitive data is disclosed. In one example, a method can include performing a cryptographic transformation of sensitive data of a request from a requestor for a resource. A portion of the cryptographic transformation of the sensitive data of the request can be transmitted to a sensitive data server. One or more possible matches to the cryptographic transformation of the sensitive data of the request can be received from the sensitive data server. A match to the cryptographic transformation can be identified within the one or more possible matches. In response to identifying the match, an access policy for the requestor or the resource can be changed.
G06F 21/62 - Protecting access to data via a platform, e.g. using keys or access control rules
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
A method, non-transitory computer readable medium and device that assists with preventing a distributed denial of service attack includes receiving a request for a web resource from a client computing device. The received request for the web resource is checked for the presence of referrer header information. When the received request is determined to include the referrer header information, then the referrer header information is checked for whether it includes a known domain and a valid cookie associated with the known domain. A distributed denial of service attack is prevented by providing a proactive challenge to the requesting client computing device when the received request for the web resource does not include the referrer header information or when the referrer header information comprises the known domain and does not include the valid cookie.
Methods, non-transitory computer readable media, workload management devices, and network traffic management systems that optimize systems with idempotent workloads are illustrated. With this technology, an identification is made when a status indicates a job is deferred. A determination is then made when the job is preempted based on a type of the job, when the identification indicates the job is deferred and the type and an identifier of the job match another job. Another status is adjusted to indicate the other job is deferred. The status is then modified to indicate that the job is preempted, or the job is removed, when the determination indicates the job is preempted. Accordingly, jobs are selectively preempted, such as based on idempotency of the associated workload, to achieve intended consistent states for objects faster, with increased reliability, and with reduced overhead.
Methods, non-transitory computer readable media, network traffic manager apparatuses, and systems that assist with detecting changes to firmware, software components, and configuration parameters include obtaining an executable file comprising a basic input-output system firmware and software component data of a hardware component at run-time. A hash value for the obtained executable file at the run-time is identified. The identified hash value is compared with a stored hash value associated with the obtained executable file to determine when the obtained executable file is unmodified, wherein the stored hash value was determined at a build time of the hardware component. The obtained executable file of the hardware component is executed when the obtained executable file is determined to be unmodified.
G06F 21/57 - Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
H04L 9/06 - Arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for blockwise coding, e.g. D.E.S. systems
59.
Methods for protecting CPU during DDoS attack and devices thereof
Methods, non-transitory computer readable media, and network traffic manager apparatus that assist with protecting a CPU during a DDoS attack include monitoring network traffic data from a plurality of client devices. Each of the plurality of client devices is classified as a valid device or a potential attacker device based on the monitoring. Next, a determination is made of when CPU utilization of a network traffic manager apparatus is greater than a stored threshold value. The CPU utilization of the network traffic manager increases as the number of the plurality of client devices classified as potential attacker devices increases. One or more network actions are performed on the plurality of client devices classified as potential attacker devices to protect the CPU when the determination indicates the CPU utilization is greater than the stored threshold value.
H04L 41/28 - Restricting access to network management systems or functions, e.g. using authorisation function to access network configuration
H04L 41/0631 - Management of faults, events, alarms or notifications using root cause analysis; Management of faults, events, alarms or notifications using analysis of correlation between notifications, alarms or events based on decision criteria, e.g. hierarchy, tree or time analysis
60.
Methods for improved network security using asymmetric traffic delivery and devices thereof
Methods, non-transitory computer readable media, application delivery controller (ADC) apparatuses, and network traffic management systems that receive a request including an Internet Protocol (IP) version 6 (IPv6) source address and an IPv6 destination address. A client IP version 4 (IPv4) address of a client from which the request originated and a server IPv4 address of a server are determined from one or more extracted portions of one or more of the IPv6 source address or the IPv6 destination address. The request is modified to include an IPv4 source address and an IPv4 destination address. The IPv4 source address and the IPv4 destination address include the client IPv4 address and the server IPv4 address, respectively. The modified request is sent to the server based on the server IPv4 address included in the IPv4 destination address of the modified request.
Embodiments are directed to stateless communication using a stateful protocol. One or more NTMAs may establish a connection with a client computer based on data exchanged with the client computer using the stateful protocol. The exchanged data may include validation information provided by the one or more NTMAs. The exchanged data and other information associated with the connection may be discarded from one or more memories of the one or more NTMAs. A network packet communicated over the network using the stateful protocol may be obtained. Verification information and candidate validation information may be generated based on one or more characteristics of the network packet. The network packet may be validated based on a comparison of the verification information and the candidate validation information. A reply that adheres to the stateful protocol may be provided to the client computer based on the validated network packet.
Technology related to managing name server data is disclosed. In one example, a method includes receiving a first request for data from a name server service. In response to determining that a locally stored version of the requested data is unreliable, a second request can be sent to a second service. The second service can be different from the name server service. A response from the second service can be authenticated. In response to authenticating the response from the second service, the locally stored version of the requested data can be returned to a client.
H04L 41/50 - Network service management, e.g. ensuring proper service fulfilment according to agreements
H04L 61/4511 - Network directories; Name-to-address mapping using standardised directories; Network directories; Name-to-address mapping using standardised directory access protocols using domain name system [DNS]
63.
System and method for multi-source vulnerability management
A method for multi-source cloud-infrastructure vulnerability management includes receiving cloud-element information related to a cloud-based element in a cloud environment. The method also includes receiving first vulnerability information from a first vulnerability source and receiving second vulnerability information from a second vulnerability source. Cloud-element context information is also received about the cloud-based element from the cloud environment. A multiple-source vulnerability database is then generated from both the first vulnerability information and from the second vulnerability information. The cloud-element information and the cloud-element context information are then evaluated using the multiple-source vulnerability database to generate a vulnerability assessment.
G06F 21/57 - Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
G06F 21/55 - Detecting local intrusion or implementing counter-measures
G06F 21/56 - Computer malware detection or handling, e.g. anti-virus arrangements
G06F 21/00 - Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
64.
Methods for application deployment across multiple computing domains and devices thereof
Technology related to application deployment across network devices including smart network interface cards is disclosed. In one example, a method includes distributing an application across a plurality of locally connected computing subdomains. The subdomains can include a mixture of general and special purpose computing subdomains, such as, for example, a main computer and associated smart network interface devices or systems, such as a smart network interface card (NIC). The subdomains can each run hypervisors that are bridged to allow a single virtual machine to operate across the subdomains. The application can include multiple portions. For example, an application can be split by different functionalities. The application portions can be tagged to indicate which subdomain they are to be executed within. If the chosen subdomain has the requisite resources available, the application can be detached and distributed to the chosen subdomain.
The technology discloses intercepting a request to initiate a call configured to utilize one of a plurality of call initiation techniques. Next, it is determined when the one of the call initiation techniques in the intercepted request is in a subset of the plurality of call initiation techniques configured to integrate at least a part of media control negotiation and call establishment. One or more fields of the intercepted request are modified to disable the one of the plurality of call initiation techniques that is configured to integrate at least a part of media control negotiation and call establishment when the determination indicates the one of the plurality of call initiation techniques is in the subset. A permission is provided to the first mobile device to initiate the call with the second mobile device using a sequential call establishment and media control negotiation technique.
A method, non-transitory computer readable medium, and mobile application manager computing device that determines a priority level for a mobile device requiring a compliance check based on characteristic data associated with, or an identified user of, the mobile device. An entry comprising identifying data for the mobile device is inserted into a processing queue associated with the priority level. A determination is made when each of the processing queues associated with a higher priority level than the one priority level is empty. The entry is retrieved from the processing queue, the compliance check is performed on the mobile device, and a status of the mobile device is marked as out-of-compliance or in-compliance based on a result of the compliance check, when the determining indicates each of the processing queues associated with a higher one of the priority levels than the one priority level determined for the mobile device is empty.
H04L 41/026 - Exchanging or transporting network management information using the Internet; Embedding network management web servers in network elements; Web-services-based protocols using e-messaging for transporting management information, e.g. email, instant messaging or chat
67.
Methods for managing a federated identity environment using security and access control data and devices thereof
Methods, non-transitory computer readable media, network traffic manager apparatuses, and systems that assist with managing a federated identity environment includes performing one or more first access control checks on a client upon receiving a request to access one or more web applications. A new signature including data associated with the performed one or more access control checks is generated. Next, the client is redirected to a first server with the generated signature to determine when to authorize the client to access the requested one or more web applications. The client is granted access to the requested one or more web applications when the client is determined to be authorized to access the requested one or more web applications based on one or more second access control checks enforced on the client using the generated signature, and wherein data associated with the enforced one or more second access control checks is included in a response signature.
Technology related to managing network services using multipath protocols is disclosed. In one example, a method includes intercepting a multipath protocol request from a requesting host for a connection to a service. The multipath protocol request is intercepted by an intermediary server. A target host different than the intermediary server can be selected to provide the service. A multipath protocol packet can be sent from the intermediary server to the requesting host. The multipath protocol packet can add a subflow of the connection using an address of the target host. The subflow can enable a path between the requesting host and the target host that does not traverse the intermediary server.
G06F 15/16 - Combinations of two or more digital computers each having at least an arithmetic unit, a program unit and a register, e.g. for a simultaneous processing of several programs
G06F 15/173 - Interprocessor communication using an interconnection network, e.g. matrix, shuffle, pyramid, star or snowflake
Techniques are provided for determining environment parameter values based on rendered emoji analysis. A server computer provides a first set of code that, when executed by a browser application at a client computing device, renders a set of emoji at the client computing device, generates a set of rendered graphic data for the set of emoji at the client computing device, and transmits the set of rendered graphic data for each emoji of the set of emoji from the client computing device to the server computer. The server computer receives the rendered graphic data generated at the client computing device. Based on the set of rendered graphic data for the set of emoji generated at the client computing device, the server computer determines a set of values for one or more environment parameters of the client computing device.
Technology related to scheduling services on a platform including configurable computing resources is disclosed. In one example, a method includes scheduling a service to execute on a first computing node based on an availability of general-purpose computing resources at the first computing node. The first computing node can be selected from a plurality of computing nodes. Network traffic transiting the first computing node can be analyzed during the execution of the service to determine that a hardware accelerator of a second computing node is capable of assisting the execution of the service. The service can be scheduled to execute on the second computing node and the hardware accelerator of the second computing node can be used to assist with the execution of the service.
G06F 15/177 - Initialisation or configuration control
H04L 67/63 - Routing a service request depending on the request content or context
G06F 9/48 - Program initiating; Program switching, e.g. by interrupt
G06F 9/50 - Allocation of resources, e.g. of the central processing unit [CPU]
H04L 41/0816 - Configuration setting characterised by the conditions triggering a change of settings the condition being an adaptation, e.g. in response to network events
H04L 41/0813 - Configuration setting characterised by the conditions triggering a change of settings
H04L 41/00 - Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
H04L 43/08 - Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters
H04L 67/62 - Establishing a time schedule for servicing the requests
Data is dynamically shared from a first process to a second process by creating a shared memory segment, obtaining a file descriptor referencing the shared memory segment, and mapping the shared memory segment in an address space of a first process. The file descriptor is sent to a second process. Responsive to receiving the file descriptor, the shared memory segment is mapped in an address space of the second process. Via the shared memory segment, data from the first process is shared to the second process.
G06F 12/00 - Accessing, addressing or allocating within memory systems or architectures
G06F 12/1036 - Address translation using associative or pseudo-associative address translation means, e.g. translation look-aside buffer [TLB] for multiple virtual address spaces, e.g. segmentation
G06F 12/1009 - Address translation using page tables, e.g. page table structures
72.
METHOD AND DEVICE FOR MONITORING DATA OUTPUT BY A SERVER
A computer implemented method of monitoring data output by a server over a network is provided, in which the server is arranged to store data. The method includes analysing, by a computing device, outgoing data from the server sent over the network; filtering, by the computing device, a portion of the outgoing data to determine a remaining portion of the outgoing data; analysing, by the computing device, the remaining portion of the outgoing data to determine the amount of information in the remaining portion of the outgoing data; and performing, by the computing device, a predetermined action if the amount of information in the remaining portion of the outgoing data is over a threshold.
Technology related to orchestrating a configuration of a programmable accelerator is disclosed. In one example, a method includes executing a service within a container runtime. The service can include a software application and an orchestrator application, where the orchestrator application is adapted to configure a programmable hardware accelerator and the software application is adapted to interoperate with the programmable hardware accelerator. The orchestrator application, executing within the container runtime, can be used to retrieve a system image from a file repository. The system image can include configuration data for the programmable hardware accelerator. The orchestrator application, executing within the container runtime, can be used to configure the programmable hardware accelerator.
Technology related to processing network packets in a subscriber-aware manner is disclosed. In one example, a method includes selecting one or more subscribers to move from a first network processing node to a second network processing node. In response to the selection, subscriber data associated with the one or more subscribers can be programmed at the second network processing node. After the subscriber data associated with the one or more subscribers is programmed on the second network processing node, a software defined network (SDN) switch can be reprogrammed to forward network traffic having network addresses associated with the one or more subscribers to the second network processing node instead of the first network processing node.
A method and system for generating an API schema associated with at least one API Endpoint by inspecting network data traffic. Network data requests that have been successfully served by an application associated with at least one API endpoint are examined, parsed and processed to generate an API schema corresponding to the service associated with the at least one API Endpoint.
A method for cloud-based, control-plane-event monitoring includes receiving control-plane events from a cloud-based element associated with a first and a second cloud environment. The received control-plane events are ingested from the cloud-based elements associated with the first and second cloud environments to generate a multiple-source data set from the control-plane events from the cloud-based elements associated with the first and second cloud environments. The multiple-source data set is then evaluated based on attributes of the first and second cloud environments in order to generate a common event data set. The common event data set is then processed using a rule set to generate an outcome.
H04L 43/04 - Processing captured monitoring data, e.g. for logfile generation
H04L 67/1097 - Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
Technology related to a network application firewall is disclosed. In one example, a method includes intercepting a response from a network application and destined for a client. The response can be associated with a user identifier. A modified response can be forwarded to the client. The modified response can include a honeytrap embedded within the intercepted response. Engagement with the honeytrap can be detected in a subsequent request to the network application. In response to detecting the engagement with the honeytrap, an indication that the user identifier is malicious can be stored.
A computing system and related method protect a computer network connection manager's resources from attempted resource attacks by extracting SrcIP and TTL values from received data packet headers. Extracted SrcIP and TTL values are analyzed to determine the probability that a received data packet is malicious. If the probability exceeds a specified threshold, resources are denied, and the packet is dropped. If the specified threshold is not exceeded, resources are allocated to the received data packet. The SrcIP reputation score, TTL value frequency, SrcIP frequency, SrcIP geo-location, and resource occupancy may all be used in computing the probability of a malicious data packet. These factors may be weighted and summed to calculate the probability of a malicious data packet.
Techniques are provided for security measures for extended sessions. Request data for a request is received from a client computing device to a web server system. The request comprises a session identifier (ID) for a session between an authenticated user and the web server system. It is determined, based on the request data, that the client computing device is a single-user device. It is determined, based on the request data, that the client computing device is not compromised. In response to determining that the client computing device is a single-user device and that the client computing device is not compromised, extension of the session between the authenticated user on the client computing device and the web server system is caused.
Technology related to accessing security hardware keys is disclosed. In one example, a method includes receiving an initial request to perform a first cryptographic operation using a key stored in security hardware circuitry. In response to servicing the initial request, a persistent attribute of the key can be used to query the security hardware circuitry to receive a volatile attribute of the key. The volatile attribute of the key can be stored external to the security hardware circuitry to enable subsequent requests to perform cryptographic operations on the security hardware circuitry without querying the security hardware circuitry for the volatile attribute of the key. A subsequent request referencing the key can be received. The subsequent request can be serviced by using the security hardware circuitry and identifying the key using the stored volatile attribute of the key without querying the security hardware circuitry for the volatile attribute of the key.
A method for multi-source cloud-infrastructure vulnerability management includes receiving cloud-element information related to a cloud-based element in a cloud environment. The method also includes receiving first vulnerability information from a first vulnerability source and receiving second vulnerability information from a second vulnerability source. Cloud-element context information is also received about the cloud-based element from the cloud environment. A multiple-source vulnerability database is then generated from both the first vulnerability information and from the second vulnerability information. The cloud-element information and the cloud-element context information are then evaluated using the multiple-source vulnerability database to generate a vulnerability assessment.
G06F 21/00 - Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
G06F 21/57 - Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
G06F 21/55 - Detecting local intrusion or implementing counter-measures
G06F 21/56 - Computer malware detection or handling, e.g. anti-virus arrangements
82.
Method and apparatus for end-to-end secure sharing of information with multiple recipients without maintaining a key directory
A method and computer architecture for securely sharing information with an arbitrary set of users in end-to-end fashion. A secure data sharing system includes clients and servers. Client programs running on specific client computers encrypt plaintext data and cryptographically bind the decryption of the encryption key to policy information that contains rules about a permitted decryption operation access. Other clients decrypt the encrypted data shared by the original client by proving to the server their identity and in return receiving cryptographic material.
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
A cloud-based operating-system-event and data-access monitoring method includes collecting event information from a monitored cloud-based element. One or more structured event payloads based on the event information are then generated. The structured event payloads are then validated to produce one or more validated event collections. The one or more validated event collections are then serialized and filtered to remove redundant structured event payload data. The filtered validated structured event payloads are then de-serialized to produce a time-sequenced, ordered event stream. The time-sequenced, ordered event stream is de-duplicated to remove duplicate structured event payloads. The time-sequenced, ordered event stream is then processed to generate processed information security results.
A method and system for generating a set of API Endpoints includes receiving network data requests to extract raw URL strings and HTTP methods therefrom, splitting the URL strings into component groups, and building a component tree. Dynamic components are detected and replaced with a generic designator. The component tree is then collapsed by merging identical branches into a single branch, thereby providing a set of API Endpoints. Detection of dynamic components can include determining that the number of child nodes paired with a parent node is relatively large; detecting that the number of occurrences of a parent node component is relatively high within a predetermined time in comparison to the number of occurrences of corresponding child node components; detecting a relatively high similarity of grandchild node components that share a parent node; and detecting child components having randomly generated character sequences.
Methods, non-transitory computer readable media, network traffic management apparatuses, and network traffic management systems that monitor one or more messages generated by an application or one or more characteristics of one or more transmission control protocol (TCP) connections with a destination device or a source device. A determination is made when a first TCP push flag should be set for a first packet associated with data based on the monitoring. The data is provided by the application. The first TCP push flag for the first packet is set prior to the first packet being sent to the destination device via a first one of the TCP connections, based on the determination that the first TCP push flag should be set for the first packet. Accordingly, this technology more effectively manages TCP push functionality to reduce acknowledgement messages (ACKs) and thereby improve network bandwidth and device resource utilization.
G06F 15/173 - Interprocessor communication using an interconnection network, e.g. matrix, shuffle, pyramid, star or snowflake
H04L 47/283 - Flow control; Congestion control in relation to timing considerations in response to processing delays, e.g. caused by jitter or round trip time [RTT]
H04L 47/12 - Avoiding congestion; Recovering from congestion
Methods, non-transitory computer readable media, secure proxy apparatuses, and network security systems that authenticate a user in response to a request to access a web application received from a client. The authenticated user is validated as authorized to access the web application. Security attribute data is then obtained for the user subsequent to the validation. The access request is forwarded to an internal application server hosting the web application and an authentication request is received in response to the forwarded access request. An SSO token is subsequently generated based on the obtained security attribute data. The generated SSO token is sent to the internal application server to facilitate access to the web application by the user.
Embodiments are directed to stateless communication using a stateful protocol. One or more NTMAs may establish a connection with a client computer based on data exchanged with the client computer using the stateful protocol. The exchanged data may include validation information provided by the one or more NTMAs. The exchanged data and other information associated with the connection may be discarded from one or more memories of the one or more NTMAs. A network packet communicated over the network using the stateful protocol may be obtained. Verification information and candidate validation information may be generated based on one or more characteristics of the network packet. The network packet may be validated based on a comparison of the verification information and the candidate validation information. A reply that adheres to the stateful protocol may be provided to the client computer based on the validated network packet.
G06F 15/16 - Combinations of two or more digital computers each having at least an arithmetic unit, a program unit and a register, e.g. for a simultaneous processing of several programs
H04L 29/06 - Communication control; Communication processing characterised by a protocol
A method for cloud-based, control-plane-event monitoring includes receiving control-plane events from a cloud-based element associated with a first and a second cloud environment. The received control-plane events are ingested from the cloud-based elements associated with the first and second cloud environments to generate a multiple-source data set from the control-plane events from the cloud-based elements associated with the first and second cloud environments. The multiple-source data set is then evaluated based on attributes of the first and second cloud environments in order to generate a common event data set. The common event data set is then processed using a rule set to generate an outcome.
A cloud-based operating-system-event and data-access monitoring method includes collecting event information from a monitored cloud-based element. One or more structured event payloads based on the event information are then generated. The structured event payloads are then validated to produce one or more validated event collections. The one or more validated event collections are then serialized and filtered to remove redundant structured event payload data. The filtered validated structured event payloads are then de-serialized to produce a time-sequenced, ordered event stream. The time-sequenced, ordered event stream is de-duplicated to remove duplicate structured event payloads. The time-sequenced, ordered event stream is then processed to generate processed information security results.
Programs written in interpreted languages, such as JavaScript, are distributed in source form, which is helpful to attackers because they can more easily derive the purposes and effects of a program. As discussed herein, a program's high-level code may be effectively obfuscated by transforming the program's code from its high-level programming language to a low-level processor-specific language, such as x86 instructions for x86 processors, JVM bytecode for JVMs, or proprietary opcodes for a corresponding proprietary processor or interpreter. Additional obfuscation techniques can be applied to the program's low-level processor-specific code.